CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,147 vulnerabilities with CWE-79
CVE-2025-4955
MEDIUM
tarteaucitron.io < 1.9.5 - Authenticated Stored Cross-Site Scripting via YouTube oEmbed URL Parameters
CVSS 4.7
CVE-2025-49149
MEDIUM
Dify 1.2.0 - Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-45880
MEDIUM
Miliaris Amygdala 2.2.6 - Cross-Site Scripting in Data Resource Management
CVSS 6.1
CVE-2025-45878
MEDIUM
Miliaris Amygdala v2.2.6 - Cross-Site Scripting in Report Manager
CVSS 6.1
CVE-2025-45879
MEDIUM
Miliaris Amygdala 2.2.6 - Cross-Site Scripting via Email Manager
CVSS 6.1
CVE-2025-49882
MEDIUM
CubeWP Framework <= 1.1.23 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-49881
MEDIUM
CyberChimps Responsive Blocks <2.0.5 - XSS
CVSS 6.5
CVE-2025-49878
MEDIUM
WPAdverts <= 2.2.4 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-49875
MEDIUM
IfSo Dynamic Content <1.9.3.1 - XSS
CVSS 6.5
CVE-2025-49871
MEDIUM
Noptin <= 3.8.7 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-49863
MEDIUM
WP Codeus Advanced Sermons <3.6 - XSS
CVSS 6.5
CVE-2025-49862
MEDIUM
motov.net Ebook Store <5.8008 - XSS
CVSS 5.9
CVE-2025-49861
MEDIUM
Kama Click Counter <= 4.0.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-49859
MEDIUM
etruel WP Views Counter <2.0.3 - XSS
CVSS 6.5
CVE-2025-49858
MEDIUM
Arconix Shortcodes <= 2.1.17 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-49855
MEDIUM
Meks Flexible Shortcodes <1.3.7 - XSS
CVSS 6.5
CVE-2025-49316
HIGH
Saleswonder Team Tobias WP2LEADS - XSS
CVSS 7.1
CVE-2025-49312
HIGH
CodeRevolution Echo RSS Feed Post Gen <5.4.8.1 - XSS
CVSS 7.1
CVE-2025-49266
HIGH
Rustaurius Ultimate Reviews <3.2.14 - XSS
CVSS 7.1
CVE-2025-48333
HIGH
WPQuark eForm - WordPress Form Builder - XSS
CVSS 7.1
CVE-2025-48145
HIGH
Michal Jaworski Track, Analyze & Optimize by WP Tao - XSS
CVSS 7.1
CVE-2025-39508
HIGH
Nasa Core <= 6.4.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-30988
HIGH
Elite Video Player <= 10.0.5 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-5700
MEDIUM
Simple Logo Carousel <= 1.9.3 - Authenticated Stored Cross-Site Scripting via ID Parameter
CVSS 6.4
CVE-2025-5291
MEDIUM
Master Slider - Responsive Touch Slider <= 3.10.8 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
Details
Vulnerabilities
45,147
Exploit Likelihood
High